
  • HackTheBox - Buff

    0. Preface

    Due to Windows Defender/AMSI, we now have to mask malicious PowerShell scripts, even though they were uploaded using IEX. I also spent quite a bit of time experimenting with different buffer overflow PoCs, but eventually got the right one.

    In this box, we will be tackling:

    1. Careful reading and exploiting a web application for RCE
    2. Masking malicious PowerShell scripts to get past Windows AMSI
    3. BUFFer overflow on CloudMe




  • HackTheBox - Tabby

    0. Preface

    This is the first box I’ve ever done on HackTheBox. This write-up is also one of the very first I’ve written. This is a very interesting box, especially the root privilege escalation.

    In this box, we will be tackling:

    1. LFI
    2. Using Tomcat’s manager-script via curl commands to upload an exploit
    3. Exploiting the laziness of system administrators
    4. Using LXD to get root




  • VulnHub - Relevant 1

    0. Preface

    This is a pretty fun box, which has you enumerating a WordPress site without using the usual wpscan. Turns out, nmap has some pretty useful scripts that can be used to enumerate certain common services too!

    In this box, we will be tackling:

    1. Enumerating WordPress Plugins with nmap.
    2. Exploiting RCE with WordPress File Manager.
    3. Elevating privileges using Node.js.
